Data And Regulation
AI-Driven Reshaping of the Data Security Market: From DSPM to Confidential Computing
The AI wave is forcing enterprises to reassess their data security strategies, spawning emerging markets such as DSPM and CNAPP, with a combined market size expected to exceed $48 billion by 2030. Regulatory pressures and the threat of quantum computing are jointly driving the transformation of data security from perimeter defense to full lifecycle governance.
AI-Driven Data Security Market Reshaping: From DSPM to Confidential Computing, a New Industry Landscape
Introduction
The rapid deployment of AI is redefining the core logic of data security. As enterprises inject massive amounts of sensitive information (including intellectual property, personally identifiable information, and trade secrets) into AI models, traditional perimeter-based security has proven insufficient. According to Gartner's research, cybersecurity leaders are adopting a layered defense strategy that combines cross-functional governance, data classification, third-party risk management, and enterprise-wide training. Meanwhile, regulators such as the EU GDPR are intensifying enforcement, driving a surge in global data security technology investment. Forecasts indicate that the Data Security Posture Management (DSPM) market will grow from $2 billion in 2025 to $10.4 billion by 2030; the Cloud-Native Application Protection Platform (CNAPP) market is expected to jump from $13.9 billion in 2023 to $38 billion by 2030. In addition, the threat of quantum computing has made "Q-Day" a long-term focus, and confidential computing technology is emerging to protect data in use.
Event Background
From 2025 to 2026, global enterprises are undergoing a fundamental paradigm shift in data security. Vasant Prabhu, Global Head of Data Protection at Australian logistics giant Toll Group, stated that traditional firewalls and access controls can no longer handle the complex threats of a globalized supply chain. As a designated critical infrastructure (under Australia's *Critical Infrastructure Security Act*), Toll Group faces national-level obligations beyond commercial risk. After suffering a major cyberattack in 2020, the company embedded security requirements into procurement processes, contract terms, and third-party risk assessments. At the same time, the introduction of AI has created new data flows: employees uploading sensitive data to unauthorized public AI services ("shadow AI"), internal AI systems accessing data beyond their authorization due to weak governance, and software vendors embedding generative AI into existing platforms—all accelerating data exposure risks.
Digital Economy Analysis
#### User Growth and Data Value The proliferation of AI has transformed data from an "asset" into a "risk core." Enterprises need more data to train models, but the boundaries of data usage, flow, and retention have become sharply blurred. The shadow AI phenomenon shows that the barrier for employees to access AI tools has lowered, but enterprise data governance frameworks have not evolved in tandem. This leads to a synchronized rise in data value and risk: every new piece of data can become a potential channel for leaks.#### Platform Expansion and Network Effects The deep integration of cloud platforms (AWS, Azure, Google Cloud) with AI platforms (OpenAI, Google PaLM, Meta Llama) means data security is no longer a single enterprise issue but a challenge for the entire platform ecosystem. When enterprises entrust data to AI platforms for processing, the platform's own governance capabilities directly determine the exposure of user assets. Network effects here transform into a "security multiplier effect": a single platform vulnerability can affect thousands of enterprise customers.
Business Model Observations
#### New Profitable Security Models The rapid growth of DSPM and CNAPP represents a shift from "selling boxes" to "selling subscriptions + continuous monitoring." These platforms automatically discover, classify, and monitor sensitive data (including AI environments), charging based on data volume or cloud resources, generating scalable SaaS revenue. Virtue Market Research predicts a five-year compound annual growth rate of about 39% for the DSPM market. High profit margins are attracting traditional security vendors (e.g., Palo Alto Networks, CrowdStrike) and cloud-native startups.
#### AI Security as a Service Confidential computing leverages hardware-level Trusted Execution Environments (TEEs). Cloud vendors (e.g., Azure Confidential Computing, AWS Nitro Enclaves) sell these as value-added services. Customers pay a premium for "encryption even while data is in use," especially in finance, healthcare, and regulated industries. This opens a "security premium" model, transforming security from a cost center into a differentiated revenue source.
Market Competition Analysis
- #### Platform Competition: Cloud Giants vs. Security Vendors
- Cloud Vendors: AWS, Azure, and GCP integrate native CNAPP, confidential computing, and key management to use security as a customer lock-in tool. For example, Azure's confidential VMs rely heavily on its hardware ecosystem.
- Specialized Security Vendors: Palo Alto Networks (Prisma Cloud), CrowdStrike (Falcon), Zscaler, and others offer independent DSPM and CNAPP products, emphasizing cross-cloud portability and finer-grained control.
- AI Security Newcomers: Startups like Wiz, Lacework, and Orca Security provide cloud infrastructure security, while Darktrace, Varonis, and others focused on AI data security are accelerating their deployments.#### Winners and Challengers
- Beneficiaries: Cloud providers (enhanced lock-in effects), DSPM/CNAPP leaders, confidential computing hardware providers (Intel SGX, AMD SEV).
- Challengers: Traditional network perimeter security vendors (firewalls, VPNs) facing marginalization; small and medium enterprises may shift to managed security services due to rising compliance costs.
Data and Regulatory Impact
#### Tightening Regulations The high fines of GDPR have created a deterrent, and the Office of the Australian Information Commissioner is becoming increasingly tough. Toll Group bears "national-level" compliance obligations under the SOCI Act, meaning that data security failures could lead to government sanctions or even criminal liability. More countries will follow with data security legislation for critical infrastructure.
#### Data Localization and Cross-Border Flow AI training data often flows across borders, but national regulations require data to remain local. Toll Group operates in over 50 countries and must handle multi-jurisdictional compliance conflicts. This further increases corporate governance costs and may prompt multinational enterprises to adopt a "data minimization" strategy—reducing data collection to lower risk, thereby indirectly affecting the availability of AI training data.
#### Post-Quantum Cryptography and "Harvest Now, Decrypt Later" Threat actors have begun collecting encrypted data, waiting for quantum computers to break it. This forces enterprises to migrate to quantum-resistant algorithms prematurely, but the migration cost is enormous. The National Institute of Standards and Technology (NIST) has released candidate standards, with standardization expected in 2024-2025. Enterprises need to complete cryptographic agility upgrades within five years, or face the risk of historical data breaches.
Global Trend Observations
#### Long-Term Trend: From Perimeter to Data-Centric Security Gartner emphasizes that "data security posture" is shifting from protecting the network to protecting data itself—whether data is at rest, in transit, or in use. Confidential computing fills the final gap, marking the arrival of the "always encrypted" era. This is not just a technology upgrade but a paradigm shift in security architecture.
#### AI Economy and Security Symbiosis AI relies on data, but security restricts data flow—there is a fundamental tension between the two. The future commercialization of AI will depend on whether a "trusted data economy" can be established: that is, enabling model training without exposing raw data (e.g., federated learning, differential privacy, secure multi-party computation). The data security market will become essential infrastructure for the AI economy, similar to IAM in the cloud era.
#### Short-Term Event or Long-Term Trend? The explosion of DSPM and CNAPP is a multi-year trend, with AI merely acting as a catalyst. Although the quantum threat is not yet imminent, its "harvest now, decrypt later" nature is already driving long-term investment. Confidential computing is moving from niche to mainstream. Therefore, the reshaping of data security is a structural change spanning at least a decade.
DigitalEcoNews InsightData security is becoming a new bottleneck in the digital economy. When AI pushes data value to its peak, its risks also reach a critical point. Enterprises can no longer regard data security as a cost item for the IT department, but must upgrade it to a strategic competitive advantage. From DSPM to confidential computing, the market is rapidly creating new value capture nodes—security as a service, platform binding, compliance premiums. For investors, the capitalization opportunity for data security infrastructure is comparable to the previous wave of cloud computing security; for corporate decision-makers, data governance capabilities will directly determine the success or failure of AI transformation; for policymakers, a dynamic balance must be found between data flow efficiency and protection. In the next decade, "data security" will become the underlying logic of the digital economy, just like "cloud"—whoever holds the security scepter of data will dominate the next round of platform ecosystem competition.
Use note · digitalecononews
digitalecononews frames this note through Digital Markets / AI Economy / Platforms & Apps (Source URLs should be opened before the summary is reused). Digital Markets / AI Economy / Platforms & Apps explains the local editorial angle; dates, names and status changes still need checking.